Privacy Policy

Last updated: January 2025 · Jannatie Ltd, England & Wales

1. Who we are

Jannatie Ltd (“Jannatie”, “we”, “us”, “our”) is a company registered in England and Wales. We operate the website jannatie.com and the Jannatie progressive web application (together, the “Service”). We are the data controller for your personal data. Our ICO registration number is [ICO Registration Number].

2. Data we collect

We collect only what is necessary to provide the Service:

  • Account data: Your name, email address, and optionally a profile photo.
  • Usage data: Habits you track, lessons you complete, XP earned, and streak counts — stored to provide personalisation.
  • Payment data: Processed securely by Stripe. We never store full card numbers.
  • Device data: Browser type, device type, and general location (country level) for analytics.
  • Communication data: If you contact us by email.

3. How we use your data

  • To provide and improve the Service
  • To process payments and manage subscriptions
  • To send transactional emails (account, receipts, password reset)
  • To send our newsletter — only if you have opted in
  • To monitor for security and fraud
  • To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising targeting.

4. Legal basis (UK GDPR)

  • Contract performance: Providing the Service you signed up for.
  • Legitimate interests: Product analytics, security, fraud prevention.
  • Consent: Newsletter emails and optional cookies.
  • Legal obligation: Accounting records, regulatory compliance.

5. Cookies

We use strictly necessary cookies for authentication sessions, and optional analytics cookies (PostHog, with EU hosting) if you consent. You can withdraw consent at any time from your account settings. We do not use third-party advertising cookies.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. accounting records: 6 years).

7. Your rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email us at privacy@jannatie.com. We will respond within 30 days.

8. Third-party processors

  • Firebase (Google): Authentication and database — EU data residency available.
  • Stripe: Payment processing — PCI-DSS compliant.
  • Azure OpenAI: AI Buddy responses — no data used for training.
  • PostHog: Product analytics — EU hosted, no personal data in events.
  • Sentry: Error tracking — anonymised where possible.
  • Brevo: Transactional email.

9. Contact

Jannatie Ltd · privacy@jannatie.com · [Registered Address], England